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Detailed Action 

1. This is a response to the amendment entered on 9/15/2006 in which claims 1-38 were 
cancelled. Claims 39-75 were added. No claims were amended. 

2. Applicant's arguments entered on 9/15/2006 1-38 being cancelled and claims 39-75- were 
added have been considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 U.S.C 112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter which the applicant regards as his invention. 

4. In view of the rejection to Claims 7,9,20,31 and 33 are rejected under 112, second paragraph, 
reciting the following limitation "or", because it rendered the claims vague and indefinite. Examiner 
withdraws the pending rejection based on the cancellation of claims. 

Claim Rejections - 35 U.S.C - 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would 
have been obvious at the time the invention was made to a person having ordinary skill in 
the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 39-75 are rejected under 35 U.S.C. 103(a) as being unpatentable over Draves et al (US 
Patent No. 6,349,355, Date Filed: Feb. 6, 1997) in view of Glew et al (US Patent No. 5,948,097, 
Date Filed: August 29, 1 996). 
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Claims 39. 53. 55. and 62: 

Regarding Claims 39, 53, 55, and 62, Draves teaches a method, computer system, and a 
computer program product of controlling a computer system comprising: 

establishing a privileged region of memory for executing code in privileged mode (column 
6, lines 43-47, Draves); 

establishing a non-privileged region of memory for executing code in non-privileged mode 
(column 6, lines 43-47, respectively, Draves); . 

receiving a memory access request to access a memory address (column 7, lines 43-47, 
wherein makes calls to system or kernel functions that execute in the privileged execution mode, 
wherein the system execution function executes from the kernel virtual address space, with the user 
virtual address space being mapped into the kernel address space to allow the kernel to access data 
from the user address space, wherein makes calls is equivalent to request, and wherein virtual 
address is interpreted to be the memory address, Draves); 

Draves disclose the limitations above. However, Draves does not disclose wherein 
determining whether the memory address is in the privileged region of memory in response to the 
request, nor does he disclose switching the system to privileged mode if the memory address is 
determined to be in the privileged region of memory. 
On the other hand, Glew discloses wherein: 

determining whether the memory address is in the privileged region of memory in response 
to the request (columns 5-6, lines 54-67 and lines 1-5, wherein the privileged kernel code may select 
from several service routines to handle the user code request, wherein a user code desires a printing 
function to be performed by the operating system kernel, wherein the user code desires a print 
function in to a memory device, wherein the kernel code reads the data value and calls the 
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appropriate privilege service routine to handle the request, wherein the kernel code also performs a 
check to make sure the sure code is authorized to request the function, Glew); and 

switching the system to privileged mode if the memory address is determined to be in the 
privileged region of memory (column 2, lines 34-38, wherein if it is determine that the calling 
procedure has the appropriate access rights to the called procedure then execution transfers to the 
privilege code, wherein within the privilege code another call is performed in order to switch the 
kernel code, Glew). 

It would have been obvious to one of the ordinary skill in the art at the time of the invention 
to incorporate Glew teachings into Draves system. A skilled artisan would have been motivated to 
combine as suggested by Glew [column 2, lines 34-38, Glew], in order to provide tailored and 
secured information. As a result, establishing an improved method of established a switching 
mechanism based on authentication measures. 

Claims 40. 54. 56. and 63 : 

Regarding Claims 40, 54, 56, and 63, the combination of Draves in view of Glew teaches 
switching the system to non-privileged mode if the memory address is determined not to be in the 
privileged region of memory (column 10, lines 27-37, wherein the segment offsets that are active in 
the non-privileged execution mode are configured to have different values than the segment offsets 
that are active in the privileged execution mode, Draves) 

Claims 41. 57. and 64 : 

Regarding Claims 41, 57, and 64, the combination of Draves in view of Glew teaches 
wherein determining whether the memory address is in the privileged region of memory is 
performed during a translation of a virtual address to a physical address (column 9, lines 20-26, 
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wherein it is desired to shift or offset the address position of the user virtual address space when 
entering the privilege execution mode, wherein virtual address is interpreted to be a location in 
memory as it appears in a program, Draves), 

Claims 42. 58. and 65: 

Regarding Claims 42, 58, and 65, the combination of Draves in view of Glew teaches 
wherein the memory access request is a system call (column 7, lines 43-54, wherein section calls 
from a user process to a system function result in a switch from the non-privileged execution mode 
to the privileged execution mode and wherein the system function executes from the kernel virtual 
address space, and wherein a system call is defined to be a mechanism used by an application 
program to request service from the operating system, and wherein the user virtual address space 
being mapped into the kernel address space to allow the kernel to access data from the user address 
space, and wherein the virtual-to-physical mappings define how the different user address spaces are 
mapped into the kernel address space, Draves), and wherein the system call is implemented as a 
standard function call (column 6, lines 45-47, wherein make calls to system or kernel functions that 
execute in the privilege execution mode, Draves) . 
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Claims 43 and 66 : 

Regarding Claims 43 and 66, the combination of Draves in view of Glew teaches switching 
the system to non-privileged mode at the conclusion of the system call (column 13, lines 63-65, 
wherein returning from the kernel to the user process, the process switches back to the non- 
privilege execution mode and reverts to the original segment, Draves). 
Claims 44 and 67 : 

Regarding Claims 44 and 67, the combination of Draves in view of Glew teaches wherein 
switching the system to privileged mode further comprises switching the system to privileged mode 
if the system call is not initiated from the privileged region of memory (column 6, lines 43-47, 
Draves). 

Claims 45 and 68 : 

Claims 45 and 68, the combination of Draves in view of Glew teaches wherein determining 
whether the memory address is in the privileged region of memory comprises comparing the address 
against predetermined address limits (Figure 14, all features and column 11, lines 20-35, wherein the 
currendy active ASID is stored by a processor register, and to translate a specified virtual address, 
the processor examines entries have the currendy valid ASID, and then attempts to find an entry 
MATCHING , which is equivalent to comparing, the specified virtual address and is such an entry is 
found, the virtual address is translated using the entry, wherein otherwise, the TLB is updated with 
the desired entry from the associated databases, Draves). 
Claims 46. 59. and 69 : 

Regarding Claims 46, 59, and 69, the combination of Draves in view of Glew teaches 
wherein the memory is divided into a plurality of pages (column 1, lines 62-65, wherein virtual 
memory systems divide virtual and physical memory into blocks, wherein these blocks are fixed in 
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sized and referred to as section or pages, Draves), and wherein determining whether the memory 
address is in the privileged region of memory comprises: 

identifying a page of the plurality of pages, wherein the page comprises the memory address 
(column 12, lines 1-2, wherein the virtual memory in this case is the page beginning at address p- 
20000000h, Draves); and 

determining whether an indicator associated with the page identifies the page as a page in the 
privileged region of memory (column 11, lines 36-44, wherein a second address mapping that is 
identified by second address space identifier, wherein each pair correspond to a particular user 
virtual address page, and wherein the second address space identifier, i.e. ASID, and thus the second 
entry of the pair are used when executing the kernel from the privilege execution mode, Draves). 
Claims 47. 61. and 70 : 

Regarding Claims 47, 61, and 70, the combination of Draves in view of Glew teaches 
wherein the indicator is stored in a page translation table (column 11, lines 16-19, wherein each TLB 
entry is indexed by an address space identifier indicating which user address space is described by 
the entry and entry also includes a virtual page number and a corresponding physical page number, 
Draves). 

Claim 48. 60. and 71 : 

Regarding Claim 48, 60, and 71, the combination of Draves in view of Glew teaches wherein 
a first value of the indicator identifies the page as in the non-privileged (column 12, lines 41-42, 
wherein using at least a first virtual address space when in non-privilege mode, Draves) and 
accessible from the privileged region and the non-privileged region (column 12, lines 47-48, using at 
least a second virtual address space when in the privileged mode, Draves), wherein a second value of 
the indicator identifies the page as in the privileged region (column 12, lines 50-55, wherein 
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virtual address that have been designated for share components, Draves) and accessible from the 
privileged region and the non-privileged region (column 12, lines 63-64, wherein executing a user 
process with the user virtual address space in the non-privilege execution mode; and column 13, 
lines 1-2, wherein executing the system function with the kernel virtual address space in the privilege 
execution mode, Draves), and wherein a third value of the indicator identifies the page as in 
the privileged region and accessible only from the privileged region (column 13, lines 37-40, 
wherein assigning different values to the segment registers that are active in the non-privilege and 
privilege execution modes, Draves). 
Claims 49 and 72 : 

Claims 49 and 72, the combination of Draves in view of Glew wherein the privileged region 
is divided into a first privileged sub-region and a second privileged sub-region (column 1 , lines 62- 
63, wherein virtual memory divide virtual and physical memory into blocks, Draves), and wherein a 
function call from the non privileged region is permitted into only the first privileged sub-region 
(column 3, lines 22-24, wherein only one address is mapped into kernel address space at a given 
time, wherein this is equivalent to permitted into only the first privileged sub-region, where address 
space is the sub-region, Draves). 
Claims 50 and 73 : 

Claims 50 and 73, the combination of Draves in view of Glew teaches wherein the privileged 
region and the non-privileged region are established during system initialization (Figure 5, all 
features, wherein a system shareable program module such as a DDL is loaded in a range of virtual 
memory addresses within the address, space of the user process, wherein the DDL includes a portion 
25 that remain static during program execution, and a data portion 26 that changes during the 
execution of the program, wherein Figure 5 illustrates a kernel 24 residing in the upper 2 gigabytes 
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of virtual memory and wherein code must either be loaded at a specific preferred virtual memory 
address, or be modified to run at some other virtual memory address and wherein DDL is 
configured to execute only in the prescribed range of addresses at which it has been loaded, which is 
equivalent to system initialization, Draves). 
Claims 51 and 74 : 

Claims 51 and 74, the combination of Draves in view of Glew teaches wherein at least a 
portion of device driver code is located in the privileged region (Figure 6, diagram 38, wherein a 
multimedia is equivalent to a device driver and column 6, lines 1-18, wherein additional devices are 
defined, Draves). 
Claims 52 and 75 : 

Claims 52 and 75, the combination of Draves in view of Glew teaches wherein at least a 
portion of trusted application code is located in the privileged region (column 4, lines 60-64, wherein 
having both privilege and non privilege modes of execution is equivalent to a trust application, 
Draves). 

Prior Art Made of Record 

1. Draves et al. (US Patent No. 6,349,355) discloses a computer system has a microprocessor 
that can execute in a non-privileged user mode and a privileged kernel mode. 

2. Oliveri (US Patent No. 7,058,786) discloses a computer having different memory address 
spaces, wherein a method and system is provided for communicating data. 

3. Diamant et al. (US Patent No. 6,202,153) disclose a method for selectively connection 
computer stations to a plurality of communication devices. 
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4. Glew et al (US Patent No. 5,948,097) discloses a method and apparatus for performing a 
system call in a system having a user privilege level and a kernel privilege level, wherein the kernel 
privilege level is higher than the user privilege level. 
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